summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGrazvydas Ignotas <notasas@gmail.com>2012-05-26 00:21:33 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-06-22 11:37:09 -0700
commitd6fe7df7f2d8c9523deed36bd24036f100b8844b (patch)
treea2f3470286ddfdfe324e25f07451ef3764e76f1e
parentb85ecf1acde49dcc2be67fa4777db259af8ed136 (diff)
downloadlinux-stable-d6fe7df7f2d8c9523deed36bd24036f100b8844b.tar.gz
linux-stable-d6fe7df7f2d8c9523deed36bd24036f100b8844b.tar.bz2
linux-stable-d6fe7df7f2d8c9523deed36bd24036f100b8844b.zip
usb: musb_gadget: fix crash caused by dangling pointer
commit 08f75bf14fadaa81fe362d5acda9b77b113dd0a2 upstream. usb_ep_ops.disable must clear external copy of the endpoint descriptor, otherwise musb crashes after loading/unloading several gadget modules in a row: Unable to handle kernel paging request at virtual address bf013730 pgd = c0004000 [bf013730] *pgd=8f26d811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] Modules linked in: g_cdc [last unloaded: g_file_storage] CPU: 0 Not tainted (3.2.17 #647) PC is at musb_gadget_enable+0x4c/0x24c LR is at _raw_spin_lock_irqsave+0x4c/0x58 [<c027c030>] (musb_gadget_enable+0x4c/0x24c) from [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc]) [<bf01b760>] (gether_connect+0x3c/0x19c [g_cdc]) from [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc]) [<bf01ba1c>] (ecm_set_alt+0x15c/0x180 [g_cdc]) from [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc]) [<bf01ecd4>] (composite_setup+0x85c/0xac4 [g_cdc]) from [<c027b744>] (musb_g_ep0_irq+0x844/0x924) [<c027b744>] (musb_g_ep0_irq+0x844/0x924) from [<c027a97c>] (musb_interrupt+0x79c/0x864) [<c027a97c>] (musb_interrupt+0x79c/0x864) from [<c027aaa8>] (generic_interrupt+0x64/0x7c) [<c027aaa8>] (generic_interrupt+0x64/0x7c) from [<c00797cc>] (handle_irq_event_percpu+0x28/0x178) ... Signed-off-by: Grazvydas Ignotas <notasas@gmail.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/usb/musb/musb_gadget.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index f42c29b11f71..95918dacc99a 100644
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -1232,6 +1232,7 @@ static int musb_gadget_disable(struct usb_ep *ep)
}
musb_ep->desc = NULL;
+ musb_ep->end_point.desc = NULL;
/* abort all pending DMA and requests */
nuke(musb_ep, -ESHUTDOWN);